Cryptanalysis & Its Various Techniques

Cryptanalysis refers to the study of ciphers, ciphertext,
or cryptosystems (that is, to secret code systems) with a view to
finding weaknesses in them that will permit retrieval of the plaintext from the ciphertext, without necessarily knowing the key or the algorithm. This is known as breaking the cipher, ciphertext, or cryptosystem.
Breaking is sometimes used interchangeably with weakening. This refers to finding a property (fault) in the design or implementation of the cipher
that reduces the number of keys required in a brute force attack (that
is, simply trying every possible key until the correct one is found).
For example, assume that a symmetric cipher implementation uses a key
length of 2^128 bits (2 to the power of 128): this means that a brute
force attack would need to try up to all 2^128 possible combinations
(rounds) to be certain of finding the correct key (or, on average, 2^127
possible combinations) to convert the ciphertext into plaintext, which
is not possible given present and near future computing abilities.
However, a cryptanalysis of the cipher reveals a technique that would
allow the plaintext to be found in 2^40 rounds. While not completely
broken, the cipher is now much weaker and the plaintext can be found
with moderate computing resources.
There are numerous techniques for performing cryptanalysis, depending on
what access the cryptanalyst has to the plaintext, ciphertext, or other
aspects of the cryptosystem. Below are some of the most common types of
attacks:
1) Known-plaintext analysis: With this
procedure, the cryptanalyst has knowledge of a portion of the plaintext
from the ciphertext. Using this information, the cryptanalyst attempts
to deduce the key used to produce the ciphertext.
2) Chosen-plaintext analysis (also known as differential cryptanalysis):
The cryptanalyst is able to have any plaintext encrypted with a key and
obtain the resulting ciphertext, but the key itself cannot be analyzed.
The cryptanalyst attempts to deduce the key by comparing the entire
ciphertext with the original plaintext. The Rivest-Shamir-Adleman encryption technique has been shown to be somewhat vulnerable to this type of analysis.
3) Ciphertext-only analysis: The cryptanalyst has no knowledge
of the plaintext and must work only from the ciphertext. This requires
accurate guesswork as to how a message could be worded. It helps to have
some knowledge of the literary style of the ciphertext writer and/or
the general subject matter.
4) Man-in-the-middle attack: This differs from the above in that
it involves tricking individuals into surrendering their keys. The
cryptanalyst/attacker places him or herself in the communication channel
between two parties who wish to exchange their keys for secure
communication (via asymmetric or public key infrastructure
cryptography). The cryptanalyst/attacker then performs a key exchange
with each party, with the original parties believing they are exchanging
keys with each other. The two parties then end up using keys that are
known to the cryptanalyst/attacker. This type of attack can be defeated
by the use of a hash function.
5) Timing/differential power analysis: This is a new technique made public in June 1998, particularly useful against the smart card,
that measures differences in electrical consumption over a period of
time when a microchip performs a function to secure information. This
technique can be used to gain information about key computations used in
the encryption algorithm and other functions pertaining to security.
The technique can be rendered less effective by introducing random noise
into the computations, or altering the sequence of the executables to
make it harder to monitor the power fluctuations. This type of analysis
was first developed by Paul Kocher of Cryptography Research, though Bull
Systems claims it knew about this type of attack over four years
before.
In addition to the above, other techniques are available, such as convincing individuals to reveal passwords/keys, developing Trojan horse
programs that steal a victim's secret key from their computer and send
it back to the cryptanalyst, or tricking a victim into using a weakened
cryptosystem. All of these are valid techniques in cryptanalysis, even
though they may be considered unorthodox.
Successful cryptanalysis is a combination of mathematics,
inquisitiveness, intuition, persistence, powerful computing resources -
and more often than many would like to admit - luck. However, successful
cryptanalysis has made the enormous resources often devoted to it more
than worthwhile: the breaking of the German Enigma code during WWII, for
example, was one of the key factors in an early Allied victory.
Today, cryptanalysis is practiced by a broad range of organizations:
governments try to break other governments' diplomatic and military
transmissions; companies developing security products send them to
cryptanalysts to test their security features and to a hacker or cracker
to try to break the security of Web sites by finding weaknesses in the
securing protocols. It is this constant battle between cryptographers
trying to secure information and cryptanalysts trying to break
cryptosystems that moves the entire body of cryptology knowledge
forward.

About
Muhammad Hassnain

Is a Web Developer and Social Media Strategist. Has efficient communication and management skills.3 years experience of blogging and content writing. Fond of latest and futuristic technologies. Has a good experience of freelancing and marketing.

RELATED POSTS

Cryptanalysis & Its Various Techniques
Reviewed by Muhammad Hassnain
on
Saturday, May 17, 2014
Rating: 5

Labels

is a global, multi-flavored news media and entertainment blog. Powered by muddlex team, Muddlex is the go-to source for tech, digital culture, sports and entertainment content for its potential and influential audience around the globe.